On July 31, the U.S. Department of Homeland Security (DHS) announced the creation of the National Risk Management Center (NRMC), which will focus on evaluating cyber threats and defending critical United States infrastructure. The NRMC will have responsibility for coordination at a national level to protect banks, utilities, telecoms, and similar infrastructures from cybersecurity threats including attacks from nation states like Russia.
Specifically, DHS states that the NRMC will:
- identify, assess, and prioritize efforts to reduce risks to national critical functions, which enable national and economic security;
- collaborate on the development of risk management strategies and approaches to
- manage risks to national functions; and
- coordinate integrated cross-sector risk management activities.
DHS Secretary Kristjen Nielsen said, when announcing the NRMC, that “[o]ur goal is to simplify the process, to provide a single point of focus for the single point of access to the full range of government activities to defend against cyber threats.” She added, “I occasionally still hear of companies and state and local [governments] who call 911 when they believe they’ve been under a cyber attack. The best thing to do would be to call this center — this will provide that focal point.”
The NRMC is designed to work closely with the National Cybersecurity and Communications Integration Center (NCCIC) which will remain DHS’s central hub for cyber operations, according to DHS. The two centers will work together to ensure effective coordination between strategic risk management and tactical operations.
Specific details on how NRMC will work with and ultimately protect critical infrastructure from cyber threats are not yet known. This leaves open the question of whether this latest initiative will make any significant impact on preparing against cyberattacks. Of course, industry participation will also heavily determine the success of the DHS initiatives. At the very least, this effort by DHS suggests that the government is interested in taking a central role in preparing the public and private sectors against ever-increasing cyber threats.